Vulnerabilites related to proftpd_project - proftpd
cve-2004-0432
Vulnerability from cvelistv5
Published
2004-05-05 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/10252 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16038 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108335051011341&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://bugs.proftpd.org/show_bug.cgi?id=2267 | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=108335030208523&w=2 | vendor-advisory, x_refsource_TRUSTIX | |
| http://secunia.com/advisories/11527 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:041 | vendor-advisory, x_refsource_MANDRAKE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:15.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10252",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10252"
},
{
"name": "proftpd-cidr-acl-bypass(16038)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16038"
},
{
"name": "20040430 [OpenPKG-SA-2004.018] OpenPKG Security Advisory (proftpd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108335051011341\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2267"
},
{
"name": "2004-0025",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2"
},
{
"name": "11527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11527"
},
{
"name": "MDKSA-2004:041",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10252",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10252"
},
{
"name": "proftpd-cidr-acl-bypass(16038)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16038"
},
{
"name": "20040430 [OpenPKG-SA-2004.018] OpenPKG Security Advisory (proftpd)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108335051011341\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2267"
},
{
"name": "2004-0025",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2"
},
{
"name": "11527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11527"
},
{
"name": "MDKSA-2004:041",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10252"
},
{
"name": "proftpd-cidr-acl-bypass(16038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16038"
},
{
"name": "20040430 [OpenPKG-SA-2004.018] OpenPKG Security Advisory (proftpd)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108335051011341\u0026w=2"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=2267",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2267"
},
{
"name": "2004-0025",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2"
},
{
"name": "11527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11527"
},
{
"name": "MDKSA-2004:041",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0432",
"datePublished": "2004-05-05T04:00:00",
"dateReserved": "2004-05-03T00:00:00",
"dateUpdated": "2024-08-08T00:17:15.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4242
Vulnerability from cvelistv5
Published
2008-09-25 19:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31289"
},
{
"name": "20080926 multiple vendor ftpd - Cross-site request forgery",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"name": "MDVSA-2009:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name": "1020945",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020945"
},
{
"name": "31930",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31930"
},
{
"name": "FEDORA-2009-0195",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
},
{
"name": "33261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33261"
},
{
"name": "33413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33413"
},
{
"name": "4313",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4313"
},
{
"name": "FEDORA-2009-0064",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
},
{
"name": "DSA-1689",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1689"
},
{
"name": "proftpd-url-csrf(45274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31289"
},
{
"name": "20080926 multiple vendor ftpd - Cross-site request forgery",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"name": "MDVSA-2009:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name": "1020945",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020945"
},
{
"name": "31930",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31930"
},
{
"name": "FEDORA-2009-0195",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
},
{
"name": "33261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33261"
},
{
"name": "33413",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33413"
},
{
"name": "4313",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4313"
},
{
"name": "FEDORA-2009-0064",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
},
{
"name": "DSA-1689",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1689"
},
{
"name": "proftpd-url-csrf(45274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31289"
},
{
"name": "20080926 multiple vendor ftpd - Cross-site request forgery",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"name": "MDVSA-2009:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name": "1020945",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020945"
},
{
"name": "31930",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31930"
},
{
"name": "FEDORA-2009-0195",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
},
{
"name": "33261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33261"
},
{
"name": "33413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33413"
},
{
"name": "4313",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4313"
},
{
"name": "FEDORA-2009-0064",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
},
{
"name": "DSA-1689",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1689"
},
{
"name": "proftpd-url-csrf(45274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3115",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4242",
"datePublished": "2008-09-25T19:00:00",
"dateReserved": "2008-09-25T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0500
Vulnerability from cvelistv5
Published
2003-07-04 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html | mailing-list, x_refsource_FULLDISC | |
| http://www.debian.org/security/2003/dsa-338 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:10.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html"
},
{
"name": "DSA-338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2003/dsa-338"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html"
},
{
"name": "DSA-338",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2003/dsa-338"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html"
},
{
"name": "DSA-338",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-338"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0500",
"datePublished": "2003-07-04T04:00:00",
"dateReserved": "2003-06-30T00:00:00",
"dateUpdated": "2024-08-08T01:58:10.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0027
Vulnerability from cvelistv5
Published
2001-02-02 05:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5737 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20001211 mod_sqlpw Password Caching Bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html"
},
{
"name": "proftpd-modsqlpw-unauth-access(5737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the \"user\" command to change accounts, which allows authenticated attackers to gain privileges of other users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20001211 mod_sqlpw Password Caching Bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html"
},
{
"name": "proftpd-modsqlpw-unauth-access(5737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the \"user\" command to change accounts, which allows authenticated attackers to gain privileges of other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001211 mod_sqlpw Password Caching Bug",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html"
},
{
"name": "proftpd-modsqlpw-unauth-access(5737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0027",
"datePublished": "2001-02-02T05:00:00",
"dateReserved": "2001-02-01T00:00:00",
"dateUpdated": "2024-08-08T04:06:55.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2390
Vulnerability from cvelistv5
Published
2005-07-27 04:00
Modified
2024-08-07 22:22
Severity ?
EPSS score ?
Summary
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=112604373503912&w=2 | vendor-advisory, x_refsource_OPENPKG | |
| http://www.securityfocus.com/bid/14381 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/14380 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2005/dsa-795 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/16181 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:22:49.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "OpenPKG-SA-2005.020",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112604373503912\u0026w=2"
},
{
"name": "14381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14381"
},
{
"name": "14380",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14380"
},
{
"name": "DSA-795",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-795"
},
{
"name": "16181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16181"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "OpenPKG-SA-2005.020",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112604373503912\u0026w=2"
},
{
"name": "14381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14381"
},
{
"name": "14380",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14380"
},
{
"name": "DSA-795",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-795"
},
{
"name": "16181",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16181"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "OpenPKG-SA-2005.020",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq\u0026m=112604373503912\u0026w=2"
},
{
"name": "14381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14381"
},
{
"name": "14380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14380"
},
{
"name": "DSA-795",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-795"
},
{
"name": "16181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16181"
},
{
"name": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2",
"refsource": "CONFIRM",
"url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2390",
"datePublished": "2005-07-27T04:00:00",
"dateReserved": "2005-07-27T00:00:00",
"dateUpdated": "2024-08-07T22:22:49.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-4816
Vulnerability from cvelistv5
Published
2006-12-23 11:00
Modified
2024-08-08 00:01
Severity ?
EPSS score ?
Summary
Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html | mailing-list, x_refsource_MLIST | |
| http://bugs.proftpd.org/show_bug.cgi?id=2658 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/16535 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2007/dsa-1245 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.osvdb.org/23063 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Dailydave] 20060207 ProFTPD bug",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2658"
},
{
"name": "16535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16535"
},
{
"name": "DSA-1245",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1245"
},
{
"name": "23063",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-09T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Dailydave] 20060207 ProFTPD bug",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2658"
},
{
"name": "16535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16535"
},
{
"name": "DSA-1245",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1245"
},
{
"name": "23063",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23063"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Dailydave] 20060207 ProFTPD bug",
"refsource": "MLIST",
"url": "http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=2658",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2658"
},
{
"name": "16535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16535"
},
{
"name": "DSA-1245",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1245"
},
{
"name": "23063",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23063"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4816",
"datePublished": "2006-12-23T11:00:00",
"dateReserved": "2006-12-22T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1500
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/212805 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/3310 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2002:005 | vendor-advisory, x_refsource_MANDRAKE | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450 | vendor-advisory, x_refsource_CONECTIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7126 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010907 ProFTPd and reverse DNS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/212805"
},
{
"name": "3310",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3310"
},
{
"name": "MDKSA-2002:005",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"name": "CLA-2002:450",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"name": "proftpd-unresolved-hostname(7126)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010907 ProFTPd and reverse DNS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/212805"
},
{
"name": "3310",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3310"
},
{
"name": "MDKSA-2002:005",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"name": "CLA-2002:450",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"name": "proftpd-unresolved-hostname(7126)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7126"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010907 ProFTPd and reverse DNS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/212805"
},
{
"name": "3310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3310"
},
{
"name": "MDKSA-2002:005",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"name": "CLA-2002:450",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"name": "proftpd-unresolved-hostname(7126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7126"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1500",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0346
Vulnerability from cvelistv5
Published
2004-03-18 05:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=107824679817240&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/9782 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15387 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040302 The Cult of a Cardinal Number",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107824679817240\u0026w=2"
},
{
"name": "9782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9782"
},
{
"name": "proftpd-offbyone-bo(15387)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15387"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040302 The Cult of a Cardinal Number",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107824679817240\u0026w=2"
},
{
"name": "9782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9782"
},
{
"name": "proftpd-offbyone-bo(15387)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15387"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040302 The Cult of a Cardinal Number",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107824679817240\u0026w=2"
},
{
"name": "9782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9782"
},
{
"name": "proftpd-offbyone-bo(15387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15387"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0346",
"datePublished": "2004-03-18T05:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0911
Vulnerability from cvelistv5
Published
2000-02-04 05:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/612 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/1999/19990210 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:28.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/612"
},
{
"name": "19990210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/1999/19990210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-09T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/612"
},
{
"name": "19990210",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/1999/19990210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/612"
},
{
"name": "19990210",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/1999/19990210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0911",
"datePublished": "2000-02-04T05:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:28.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6170
Vulnerability from cvelistv5
Published
2006-11-30 15:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:34.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"name": "20061128 ProFTPD mod_tls pre-authentication buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html"
},
{
"name": "20061129 Re: ProFTPD mod_tls pre-authentication buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452993/100/100/threaded"
},
{
"name": "23207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "23141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23141"
},
{
"name": "23174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "21326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21326"
},
{
"name": "20061128 ProFTPD mod_tls pre-authentication buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452872/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "23184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html"
},
{
"name": "2006-0066",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0066"
},
{
"name": "23179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "20061121 Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452228/100/100/threaded"
},
{
"name": "proftpd-modtls-bo(30554)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30554"
},
{
"name": "ADV-2006-4745",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"name": "20061128 ProFTPD mod_tls pre-authentication buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html"
},
{
"name": "20061129 Re: ProFTPD mod_tls pre-authentication buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452993/100/100/threaded"
},
{
"name": "23207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "23141",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23141"
},
{
"name": "23174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "21326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21326"
},
{
"name": "20061128 ProFTPD mod_tls pre-authentication buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452872/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "23184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html"
},
{
"name": "2006-0066",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0066"
},
{
"name": "23179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "20061121 Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452228/100/100/threaded"
},
{
"name": "proftpd-modtls-bo(30554)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30554"
},
{
"name": "ADV-2006-4745",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1222",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"name": "20061128 ProFTPD mod_tls pre-authentication buffer overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html"
},
{
"name": "20061129 Re: ProFTPD mod_tls pre-authentication buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452993/100/100/threaded"
},
{
"name": "23207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "23141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23141"
},
{
"name": "23174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "21326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21326"
},
{
"name": "20061128 ProFTPD mod_tls pre-authentication buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452872/100/0/threaded"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "23184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23184"
},
{
"name": "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html",
"refsource": "MISC",
"url": "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html"
},
{
"name": "2006-0066",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0066"
},
{
"name": "23179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "20061121 Re: [ MDKSA-2006:217 ] - Updated proftpd packages fix vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452228/100/100/threaded"
},
{
"name": "proftpd-modtls-bo(30554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30554"
},
{
"name": "ADV-2006-4745",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6170",
"datePublished": "2006-11-30T15:00:00",
"dateReserved": "2006-11-30T00:00:00",
"dateUpdated": "2024-08-07T20:19:34.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0368
Vulnerability from cvelistv5
Published
1999-09-29 04:00
Modified
2024-08-01 16:34
Severity ?
EPSS score ?
Summary
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:34:51.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T07:24:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0368",
"datePublished": "1999-09-29T04:00:00",
"dateReserved": "1999-06-07T00:00:00",
"dateUpdated": "2024-08-01T16:34:51.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1602
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1011687 | vdb-entry, x_refsource_SECTRACK | |
| http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/11430 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17724 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=109786760926133&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:36.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1011687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011687"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2004-10-02"
},
{
"name": "11430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11430"
},
{
"name": "proftpd-info-disclosure(17724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17724"
},
{
"name": "20041015 ProFTPD 1.2.x remote users enumeration bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109786760926133\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1011687",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011687"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2004-10-02"
},
{
"name": "11430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11430"
},
{
"name": "proftpd-info-disclosure(17724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17724"
},
{
"name": "20041015 ProFTPD 1.2.x remote users enumeration bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109786760926133\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1011687",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011687"
},
{
"name": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2004-10-02",
"refsource": "MISC",
"url": "http://security.lss.hr/index.php?page=details\u0026ID=LSS-2004-10-02"
},
{
"name": "11430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11430"
},
{
"name": "proftpd-info-disclosure(17724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17724"
},
{
"name": "20041015 ProFTPD 1.2.x remote users enumeration bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109786760926133\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1602",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-20T00:00:00",
"dateUpdated": "2024-08-08T01:00:36.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0318
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
Severity ?
EPSS score ?
Summary
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380 | vendor-advisory, x_refsource_CONECTIVA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6433 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=97916525715657&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.debian.org/security/2001/dsa-029 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2001:021",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3"
},
{
"name": "CLA-2001:380",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000380"
},
{
"name": "proftpd-format-string(6433)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6433"
},
{
"name": "20010110 proftpd 1.2.0rc2 -- example of bad coding",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97916525715657\u0026w=2"
},
{
"name": "20010206 Response to ProFTPD issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html"
},
{
"name": "DSA-029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2001:021",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3"
},
{
"name": "CLA-2001:380",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000380"
},
{
"name": "proftpd-format-string(6433)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6433"
},
{
"name": "20010110 proftpd 1.2.0rc2 -- example of bad coding",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97916525715657\u0026w=2"
},
{
"name": "20010206 Response to ProFTPD issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html"
},
{
"name": "DSA-029",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2001:021",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3"
},
{
"name": "CLA-2001:380",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000380"
},
{
"name": "proftpd-format-string(6433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6433"
},
{
"name": "20010110 proftpd 1.2.0rc2 -- example of bad coding",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=97916525715657\u0026w=2"
},
{
"name": "20010206 Response to ProFTPD issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html"
},
{
"name": "DSA-029",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0318",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-04-04T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0831
Vulnerability from cvelistv5
Published
2003-09-25 04:00
Modified
2024-08-08 02:05
Severity ?
EPSS score ?
Summary
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=106606885611269&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://xforce.iss.net/xforce/alerts/id/154 | third-party-advisory, x_refsource_ISS | |
| http://www.kb.cert.org/vuls/id/405348 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12200 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/107/ | exploit, x_refsource_EXPLOIT-DB | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html | mailing-list, x_refsource_FULLDISC | |
| http://secunia.com/advisories/9829 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=106441655617816&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2003:095 | vendor-advisory, x_refsource_MANDRAKE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031013 Remote root exploit for proftpd \\n bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106606885611269\u0026w=2"
},
{
"name": "20030923 ProFTPD ASCII File Remote Compromise Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/154"
},
{
"name": "VU#405348",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/405348"
},
{
"name": "proftpd-ascii-xfer-newline-bo(12200)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200"
},
{
"name": "107",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/107/"
},
{
"name": "20031014 Another ProFTPd root EXPLOIT ?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html"
},
{
"name": "9829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/9829"
},
{
"name": "20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106441655617816\u0026w=2"
},
{
"name": "MDKSA-2003:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-09-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-04T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031013 Remote root exploit for proftpd \\n bug",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106606885611269\u0026w=2"
},
{
"name": "20030923 ProFTPD ASCII File Remote Compromise Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/154"
},
{
"name": "VU#405348",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/405348"
},
{
"name": "proftpd-ascii-xfer-newline-bo(12200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200"
},
{
"name": "107",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/107/"
},
{
"name": "20031014 Another ProFTPd root EXPLOIT ?",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html"
},
{
"name": "9829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/9829"
},
{
"name": "20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106441655617816\u0026w=2"
},
{
"name": "MDKSA-2003:095",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031013 Remote root exploit for proftpd \\n bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106606885611269\u0026w=2"
},
{
"name": "20030923 ProFTPD ASCII File Remote Compromise Vulnerability",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/154"
},
{
"name": "VU#405348",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/405348"
},
{
"name": "proftpd-ascii-xfer-newline-bo(12200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200"
},
{
"name": "107",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/107/"
},
{
"name": "20031014 Another ProFTPd root EXPLOIT ?",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html"
},
{
"name": "9829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9829"
},
{
"name": "20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106441655617816\u0026w=2"
},
{
"name": "MDKSA-2003:095",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0831",
"datePublished": "2003-09-25T04:00:00",
"dateReserved": "2003-09-24T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2165
Vulnerability from cvelistv5
Published
2007-04-22 19:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2922"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533"
},
{
"name": "MDKSA-2007:130",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130"
},
{
"name": "25724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25724"
},
{
"name": "23546",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23546"
},
{
"name": "24867",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24867"
},
{
"name": "34602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34602"
},
{
"name": "ADV-2007-1444",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1444"
},
{
"name": "1017931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017931"
},
{
"name": "FEDORA-2007-2613",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html"
},
{
"name": "27516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27516"
},
{
"name": "proftpd-authapi-security-bypass(33733)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2922"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533"
},
{
"name": "MDKSA-2007:130",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130"
},
{
"name": "25724",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25724"
},
{
"name": "23546",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23546"
},
{
"name": "24867",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24867"
},
{
"name": "34602",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34602"
},
{
"name": "ADV-2007-1444",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1444"
},
{
"name": "1017931",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017931"
},
{
"name": "FEDORA-2007-2613",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html"
},
{
"name": "27516",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27516"
},
{
"name": "proftpd-authapi-security-bypass(33733)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=2922",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2922"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=237533",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533"
},
{
"name": "MDKSA-2007:130",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130"
},
{
"name": "25724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25724"
},
{
"name": "23546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23546"
},
{
"name": "24867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24867"
},
{
"name": "34602",
"refsource": "OSVDB",
"url": "http://osvdb.org/34602"
},
{
"name": "ADV-2007-1444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1444"
},
{
"name": "1017931",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017931"
},
{
"name": "FEDORA-2007-2613",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html"
},
{
"name": "27516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27516"
},
{
"name": "proftpd-authapi-security-bypass(33733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2165",
"datePublished": "2007-04-22T19:00:00",
"dateReserved": "2007-04-22T00:00:00",
"dateUpdated": "2024-08-07T13:23:50.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6171
Vulnerability from cvelistv5
Published
2006-11-30 15:00
Modified
2024-08-07 20:19
Severity ?
EPSS score ?
Summary
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:19:34.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292\u0026r2=1.293\u0026sortby=date"
},
{
"name": "DSA-1218",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1218"
},
{
"name": "23207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "23174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "23184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23184"
},
{
"name": "23179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "OpenPKG-SA-2006.035",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-04T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292\u0026r2=1.293\u0026sortby=date"
},
{
"name": "DSA-1218",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1218"
},
{
"name": "23207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "23174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "23184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23184"
},
{
"name": "23179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "OpenPKG-SA-2006.035",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1222",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"name": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292\u0026r2=1.293\u0026sortby=date",
"refsource": "MISC",
"url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292\u0026r2=1.293\u0026sortby=date"
},
{
"name": "DSA-1218",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1218"
},
{
"name": "23207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "23174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "2006-0070",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23329"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "23184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23184"
},
{
"name": "23179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "OpenPKG-SA-2006.035",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6171",
"datePublished": "2006-11-30T15:00:00",
"dateReserved": "2006-11-30T00:00:00",
"dateUpdated": "2024-08-07T20:19:34.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-1501
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDKSA-2002:005 | vendor-advisory, x_refsource_MANDRAKE | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000450 | vendor-advisory, x_refsource_CONECTIVA | |
| http://online.securityfocus.com/archive/1/169395 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2002:005",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"name": "CLA-2002:450",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"name": "20010315 [SECURITY] DoS vulnerability in ProFTPD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/169395"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) \"*/..\", (2) \"*/.*\", or (3) \".*./*?/\" sequences in the argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2002:005",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"name": "CLA-2002:450",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"name": "20010315 [SECURITY] DoS vulnerability in ProFTPD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/169395"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) \"*/..\", (2) \"*/.*\", or (3) \".*./*?/\" sequences in the argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2002:005",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"name": "CLA-2002:450",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"name": "20010315 [SECURITY] DoS vulnerability in ProFTPD",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/169395"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1501",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T04:58:11.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0542
Vulnerability from cvelistv5
Published
2009-02-12 16:00
Modified
2024-08-07 04:40
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:04.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-1730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1730"
},
{
"name": "20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500833/100/0/threaded"
},
{
"name": "[oss-security] 20090211 Re: CVE request for proftpd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3180"
},
{
"name": "[oss-security] 20090211 Re: CVE request for proftpd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/3"
},
{
"name": "34268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34268"
},
{
"name": "MDVSA-2009:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name": "20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500852/100/0/threaded"
},
{
"name": "20090210 ProFTPd with mod_mysql Authentication Bypass Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500851/100/0/threaded"
},
{
"name": "[oss-security] 20090211 CVE request for proftpd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/1"
},
{
"name": "GLSA-200903-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-27.xml"
},
{
"name": "8037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8037"
},
{
"name": "20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500823/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a \"%\" (percent) character in the username, which introduces a \"\u0027\" (single quote) character during variable substitution by mod_sql."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-1730",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1730"
},
{
"name": "20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500833/100/0/threaded"
},
{
"name": "[oss-security] 20090211 Re: CVE request for proftpd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3180"
},
{
"name": "[oss-security] 20090211 Re: CVE request for proftpd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/3"
},
{
"name": "34268",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34268"
},
{
"name": "MDVSA-2009:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name": "20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500852/100/0/threaded"
},
{
"name": "20090210 ProFTPd with mod_mysql Authentication Bypass Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500851/100/0/threaded"
},
{
"name": "[oss-security] 20090211 CVE request for proftpd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/1"
},
{
"name": "GLSA-200903-27",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200903-27.xml"
},
{
"name": "8037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8037"
},
{
"name": "20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500823/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a \"%\" (percent) character in the username, which introduces a \"\u0027\" (single quote) character during variable substitution by mod_sql."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1730",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1730"
},
{
"name": "20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500833/100/0/threaded"
},
{
"name": "[oss-security] 20090211 Re: CVE request for proftpd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/5"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3180",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3180"
},
{
"name": "[oss-security] 20090211 Re: CVE request for proftpd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/3"
},
{
"name": "34268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34268"
},
{
"name": "MDVSA-2009:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name": "20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500852/100/0/threaded"
},
{
"name": "20090210 ProFTPd with mod_mysql Authentication Bypass Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500851/100/0/threaded"
},
{
"name": "[oss-security] 20090211 CVE request for proftpd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/1"
},
{
"name": "GLSA-200903-27",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-27.xml"
},
{
"name": "8037",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8037"
},
{
"name": "20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500823/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0542",
"datePublished": "2009-02-12T16:00:00",
"dateReserved": "2009-02-12T00:00:00",
"dateUpdated": "2024-08-07T04:40:04.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6563
Vulnerability from cvelistv5
Published
2006-12-15 11:00
Modified
2024-08-07 20:33
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21587",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21587"
},
{
"name": "MDKSA-2006:232",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:232"
},
{
"name": "20061213 CORE-2006-1127: ProFTPD Controls Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454320/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.proftpd.org/docs/NEWS-1.3.1rc1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/?module=ContentMod\u0026action=item\u0026id=1594"
},
{
"name": "20070219 ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460648/100/0/threaded"
},
{
"name": "OpenPKG-SA-2006.039",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.039.html"
},
{
"name": "3330",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3330"
},
{
"name": "24163",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24163"
},
{
"name": "23473",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23473"
},
{
"name": "GLSA-200702-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200702-02.xml"
},
{
"name": "23371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23371"
},
{
"name": "ADV-2006-4998",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4998"
},
{
"name": "23392",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23392"
},
{
"name": "20070221 Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460756/100/0/threaded"
},
{
"name": "proftpd-controls-bo(30906)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30906"
},
{
"name": "2006-0074",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0074/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21587",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21587"
},
{
"name": "MDKSA-2006:232",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:232"
},
{
"name": "20061213 CORE-2006-1127: ProFTPD Controls Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454320/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.proftpd.org/docs/NEWS-1.3.1rc1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/?module=ContentMod\u0026action=item\u0026id=1594"
},
{
"name": "20070219 ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460648/100/0/threaded"
},
{
"name": "OpenPKG-SA-2006.039",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.039.html"
},
{
"name": "3330",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3330"
},
{
"name": "24163",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24163"
},
{
"name": "23473",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23473"
},
{
"name": "GLSA-200702-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200702-02.xml"
},
{
"name": "23371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23371"
},
{
"name": "ADV-2006-4998",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4998"
},
{
"name": "23392",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23392"
},
{
"name": "20070221 Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460756/100/0/threaded"
},
{
"name": "proftpd-controls-bo(30906)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30906"
},
{
"name": "2006-0074",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0074/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21587"
},
{
"name": "MDKSA-2006:232",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:232"
},
{
"name": "20061213 CORE-2006-1127: ProFTPD Controls Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454320/100/0/threaded"
},
{
"name": "http://www.proftpd.org/docs/NEWS-1.3.1rc1",
"refsource": "CONFIRM",
"url": "http://www.proftpd.org/docs/NEWS-1.3.1rc1"
},
{
"name": "http://www.coresecurity.com/?module=ContentMod\u0026action=item\u0026id=1594",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?module=ContentMod\u0026action=item\u0026id=1594"
},
{
"name": "20070219 ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460648/100/0/threaded"
},
{
"name": "OpenPKG-SA-2006.039",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.039.html"
},
{
"name": "3330",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3330"
},
{
"name": "24163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24163"
},
{
"name": "23473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23473"
},
{
"name": "GLSA-200702-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200702-02.xml"
},
{
"name": "23371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23371"
},
{
"name": "ADV-2006-4998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4998"
},
{
"name": "23392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23392"
},
{
"name": "20070221 Re: ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460756/100/0/threaded"
},
{
"name": "proftpd-controls-bo(30906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30906"
},
{
"name": "2006-0074",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0074/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6563",
"datePublished": "2006-12-15T11:00:00",
"dateReserved": "2006-12-14T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5815
Vulnerability from cvelistv5
Published
2006-11-08 23:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4451",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4451"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://gleg.net/vulndisco_meta.shtml"
},
{
"name": "DSA-1222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"name": "MDKSA-2006:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217"
},
{
"name": "23207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "2006-0066",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0066/"
},
{
"name": "20061127 CVE-2006-5815: remote code execution in ProFTPD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/452760/100/200/threaded"
},
{
"name": "1017167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017167"
},
{
"name": "OpenPKG-SA-2006.035",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG",
"x_transferred"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.035-proftpd.html"
},
{
"name": "23174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "proftpd-code-execution(30147)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30147"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23069"
},
{
"name": "23000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23000"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "22821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22821"
},
{
"name": "23184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23184"
},
{
"name": "23125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23125"
},
{
"name": "20992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20992"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2858"
},
{
"name": "23179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "22803",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a \"ProFTPD remote exploit.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4451",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4451"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://gleg.net/vulndisco_meta.shtml"
},
{
"name": "DSA-1222",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"name": "MDKSA-2006:217",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217"
},
{
"name": "23207",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "2006-0066",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0066/"
},
{
"name": "20061127 CVE-2006-5815: remote code execution in ProFTPD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/452760/100/200/threaded"
},
{
"name": "1017167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017167"
},
{
"name": "OpenPKG-SA-2006.035",
"tags": [
"vendor-advisory",
"x_refsource_OPENPKG"
],
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.035-proftpd.html"
},
{
"name": "23174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "proftpd-code-execution(30147)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30147"
},
{
"name": "2006-0070",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23069",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23069"
},
{
"name": "23000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23000"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "22821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22821"
},
{
"name": "23184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23184"
},
{
"name": "23125",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23125"
},
{
"name": "20992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20992"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2858"
},
{
"name": "23179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "22803",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a \"ProFTPD remote exploit.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4451",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4451"
},
{
"name": "http://gleg.net/vulndisco_meta.shtml",
"refsource": "MISC",
"url": "http://gleg.net/vulndisco_meta.shtml"
},
{
"name": "DSA-1222",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"name": "MDKSA-2006:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217"
},
{
"name": "23207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23207"
},
{
"name": "SSA:2006-335-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"name": "2006-0066",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0066/"
},
{
"name": "20061127 CVE-2006-5815: remote code execution in ProFTPD",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/452760/100/200/threaded"
},
{
"name": "1017167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017167"
},
{
"name": "OpenPKG-SA-2006.035",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.035-proftpd.html"
},
{
"name": "23174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23174"
},
{
"name": "MDKSA-2006:217-1",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"name": "proftpd-code-execution(30147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30147"
},
{
"name": "2006-0070",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"name": "23069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23069"
},
{
"name": "23000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23000"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"name": "22821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22821"
},
{
"name": "23184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23184"
},
{
"name": "23125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23125"
},
{
"name": "20992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20992"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=2858",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2858"
},
{
"name": "23179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23179"
},
{
"name": "GLSA-200611-26",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"name": "22803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5815",
"datePublished": "2006-11-08T23:00:00",
"dateReserved": "2006-11-08T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-1475
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 17:18
Severity ?
EPSS score ?
Summary
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/35483 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/812 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:18:07.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19991119 ProFTPd - mod_sqlpw.c",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/35483"
},
{
"name": "812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/812"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-09T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19991119 ProFTPd - mod_sqlpw.c",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/35483"
},
{
"name": "812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/812"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19991119 ProFTPd - mod_sqlpw.c",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/35483"
},
{
"name": "812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/812"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1475",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:18:07.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2008-09-25 19:25
Modified
2024-11-21 00:51
Severity ?
Summary
ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71965620-399A-450C-95A5-5B327438768A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
},
{
"lang": "es",
"value": "ProFTPD v1.3.1 interpreta como m\u00faltiples comandos los comandos largos de un cliente FTP, lo que permite a atacantes remotos llevar a cabo ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSFR) y ejecutar comdos FTP de su elecci\u00f3n a trav\u00e9s de una URI ftp:// larga que aprovecha la sesi\u00f3n existente en la implementaci\u00f3n de cliente FTP en un navegador web."
}
],
"id": "CVE-2008-4242",
"lastModified": "2024-11-21T00:51:14.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-09-25T19:25:18.693",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31930"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33261"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33413"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4313"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1689"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31289"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020945"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31930"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33261"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33413"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/achievement_securityalert/56"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/31289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00078.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00245.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-08 23:07
Modified
2024-11-21 00:20
Severity ?
Summary
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70984BA9-2E11-4463-81AF-DF7F663F8258",
"versionEndIncluding": "1.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a \"ProFTPD remote exploit.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n sreplace en ProFTPD 1.3.0 y anteriores permite a atacantes remotos, probablemente autentificados, provocar denegaci\u00f3n de servicio y ejecutar c\u00f3digo de su elecci\u00f3n, como se demostr\u00f3 con vd_proftpd.pm, un \"exploit remoto ProFTPD\"."
}
],
"evaluatorComment": "An off-by-one string manipulation flaw in ProFTPD\u0027s sreplace() function exists allowing a remote attacker to execute arbitrary code.\r\n",
"id": "CVE-2006-5815",
"lastModified": "2024-11-21T00:20:39.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-08T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2858"
},
{
"source": "cve@mitre.org",
"url": "http://gleg.net/vulndisco_meta.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22803"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22821"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23000"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23069"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23125"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23174"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23179"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23184"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23207"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017167"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.035-proftpd.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/452760/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20992"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0066/"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/4451"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://gleg.net/vulndisco_meta.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.035-proftpd.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/452760/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0066/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/4451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30147"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-06-02 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2.0_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE12C338-EE8E-4E28-8E18-9C4FCC9D063D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd)."
}
],
"id": "CVE-2001-0318",
"lastModified": "2024-11-20T23:35:06.300",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000380"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=97916525715657\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-029"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=97916525715657\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6433"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2 | |
| proftpd_project | proftpd | 1.2.0_rc3 | |
| proftpd_project | proftpd | 1.2.1 | |
| proftpd_project | proftpd | 1.2.2 | |
| proftpd_project | proftpd | 1.2.2_rc1 | |
| proftpd_project | proftpd | 1.2.2_rc2 | |
| proftpd_project | proftpd | 1.2_pre1 | |
| proftpd_project | proftpd | 1.2_pre2 | |
| proftpd_project | proftpd | 1.2_pre3 | |
| proftpd_project | proftpd | 1.2_pre4 | |
| proftpd_project | proftpd | 1.2_pre5 | |
| proftpd_project | proftpd | 1.2_pre6 | |
| proftpd_project | proftpd | 1.2_pre7 | |
| proftpd_project | proftpd | 1.2_pre8 | |
| proftpd_project | proftpd | 1.2_pre9 | |
| proftpd_project | proftpd | 1.2_pre10 | |
| proftpd_project | proftpd | 1.2_pre11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2243B4-8E0C-46BC-A003-EF52C30A030E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "33E7C8D7-5F57-4B49-B404-DB4DAE273926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BBF8B2-02E6-4A53-A5FC-DA8D39171753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9280692-0AB9-4C1F-804C-CB088E5E4483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "F108D73C-1107-41DE-9DDB-505ABAF6E34D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7D3BDE-2200-4A5A-B149-DF4D52145A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1015CB-9A33-48D5-861A-A1FC0D8D0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "66C825FE-91EC-43A2-9EEA-65A31DF46570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C563389-39DB-45BA-9C84-DD6837900440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "E2ABE74B-3D17-45D9-A87A-CE562DDB4454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre5:*:*:*:*:*:*:*",
"matchCriteriaId": "9166C42C-340D-4E7E-915C-BC2E4A373ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre6:*:*:*:*:*:*:*",
"matchCriteriaId": "25C586B4-670E-448B-8DFD-EE08F530BC3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AED91C-8428-40F0-9E47-FF3FE7CAB067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre8:*:*:*:*:*:*:*",
"matchCriteriaId": "114C3C5D-B227-4DE7-8485-1AE4B5E5E232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre9:*:*:*:*:*:*:*",
"matchCriteriaId": "0825C72A-DF19-44E4-9DCF-7F7047C1C582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre10:*:*:*:*:*:*:*",
"matchCriteriaId": "CB8D658A-726D-4CB2-A07B-287A8EB3CB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre11:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ED09E8-2852-464B-9721-340F8F8C3B2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged."
}
],
"id": "CVE-2001-1500",
"lastModified": "2024-11-20T23:37:50.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/212805"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/3310"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/212805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/3310"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7126"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-11-19 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/archive/1/35483 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/812 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/35483 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/812 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2243B4-8E0C-46BC-A003-EF52C30A030E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command."
}
],
"id": "CVE-1999-1475",
"lastModified": "2024-11-20T23:31:12.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-11-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/35483"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/35483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/812"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-30 15:28
Modified
2024-11-21 00:22
Severity ?
Summary
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "743C1E0F-3365-49C0-99A3-628586B77FCC",
"versionEndIncluding": "1.3.0a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n tls_x509_name_oneline en el m\u00f3dulo mod_tls, tal y como se usa en ProFTPD 1.3.0a y versiones anteriores, y posiblemente otros productos, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento con datos de gran longitud.\r\nVulnerabilidad distinta a CVE-2006-5815."
}
],
"id": "CVE-2006-6170",
"lastModified": "2024-11-21T00:22:03.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-30T15:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23141"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23174"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23179"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23184"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23207"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/452228/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/452872/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/452993/100/100/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21326"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0066"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4745"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://elegerov.blogspot.com/2006/10/do-you-remember-2-years-old-overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-November/050935.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/452228/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/452872/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/452993/100/100/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30554"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-02-12 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1820DABA-99C8-4DE4-BAEB-B6243B9BC417",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the \"user\" command to change accounts, which allows authenticated attackers to gain privileges of other users."
}
],
"id": "CVE-2001-0027",
"lastModified": "2024-11-20T23:34:25.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-02-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0139.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5737"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-08-27 04:00
Modified
2024-11-20 23:29
Severity ?
Summary
Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2_pre1 | |
| proftpd_project | proftpd | 1.2_pre2 | |
| proftpd_project | proftpd | 1.2_pre3 | |
| proftpd_project | proftpd | 1.2_pre4 | |
| proftpd_project | proftpd | 1.2_pre5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1015CB-9A33-48D5-861A-A1FC0D8D0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "66C825FE-91EC-43A2-9EEA-65A31DF46570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C563389-39DB-45BA-9C84-DD6837900440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "E2ABE74B-3D17-45D9-A87A-CE562DDB4454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre5:*:*:*:*:*:*:*",
"matchCriteriaId": "9166C42C-340D-4E7E-915C-BC2E4A373ACE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories."
}
],
"id": "CVE-1999-0911",
"lastModified": "2024-11-20T23:29:49.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/1999/19990210"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/1999/19990210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/612"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-15 11:28
Modified
2024-11-21 00:22
Severity ?
Summary
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.3.0 | |
| proftpd_project | proftpd | 1.3.0a |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0145065F-44D0-4E1F-AA2B-1A1B2550E2AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "73C76602-73FC-4273-9A46-E4B1DDAA5A23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n pr_ctrls_recv_request en ctrls.c en el m\u00f3dulo mod_ctrls en ProFTPD anterior a 1.3.1rc1 permite a un usuario local ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del valor de longitud reqarglen."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nProFTPD Project, ProFTPD, 1.3.1rc1",
"id": "CVE-2006-6563",
"lastModified": "2024-11-21T00:22:59.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-15T11:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23371"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23392"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23473"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24163"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200702-02.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.coresecurity.com/?module=ContentMod\u0026action=item\u0026id=1594"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:232"
},
{
"source": "cve@mitre.org",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.039.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.proftpd.org/docs/NEWS-1.3.1rc1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/454320/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/460648/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/460756/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/21587"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0074/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4998"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30906"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/3330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200702-02.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.coresecurity.com/?module=ContentMod\u0026action=item\u0026id=1594"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.proftpd.org/docs/NEWS-1.3.1rc1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454320/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/460648/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/460756/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/21587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0074/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/3330"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BBF8B2-02E6-4A53-A5FC-DA8D39171753",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) \"*/..\", (2) \"*/.*\", or (3) \".*./*?/\" sequences in the argument."
}
],
"id": "CVE-2001-1501",
"lastModified": "2024-11-20T23:37:50.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/169395"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/169395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-02-09 05:00
Modified
2024-11-20 23:28
Severity ?
Summary
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2_pre1 | |
| washington_university | wu-ftpd | 2.4.2_beta18 | |
| washington_university | wu-ftpd | 2.4.2_beta18_vr9 | |
| caldera | openlinux | 1.3 | |
| debian | debian_linux | 2.0 | |
| redhat | linux | 5.0 | |
| redhat | linux | 5.1 | |
| sco | openserver | 5.0 | |
| sco | openserver | 5.0.2 | |
| sco | openserver | 5.0.3 | |
| sco | openserver | 5.0.4 | |
| sco | openserver | 5.0.5 | |
| sco | unixware | 7.0 | |
| sco | unixware | 7.0.1 | |
| slackware | slackware_linux | 3.4 | |
| slackware | slackware_linux | 3.5 | |
| slackware | slackware_linux | 3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1015CB-9A33-48D5-861A-A1FC0D8D0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:*:*:*:*:*:*",
"matchCriteriaId": "2D48DE48-5216-42AB-BEA8-EA490C5D4278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"matchCriteriaId": "4989799F-143A-45E5-A30C-9E3203649770",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:caldera:openlinux:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EED21F27-4ADA-42AC-B28E-F849F47D4043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "203BDD63-2FA5-42FD-A9CD-6BDBB41A63C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF54738-3C44-4FD4-AA9C-CAB2E86B1DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF44364-0F57-4B74-81B0-501EA6B58501",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C19F7B3-9043-4E53-90DE-92A4387858A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0169CBF5-9301-42D2-A6DA-73393BD986D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6236FA51-E996-4E84-A8CC-2635A814CCC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "035FBF8B-EB91-4211-9979-8A9E913A54A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BA72B4-C4AF-41C6-92ED-30B286E00EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:unixware:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17439B5B-0B66-490B-9B53-2C9D576C879F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:sco:unixware:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9FD7BF-97E4-426D-881F-03C9D5B8895D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6732144-10D4-4114-A7DA-32157EE3EF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "125918E7-53BB-407A-8D95-5D95CDF39A88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0BBA4F-C61A-4A8E-A7E2-CE0DF76DF592",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto."
}
],
"id": "CVE-1999-0368",
"lastModified": "2024-11-20T23:28:34.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-02-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-30 15:28
Modified
2024-11-21 00:22
Severity ?
Summary
ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "743C1E0F-3365-49C0-99A3-628586B77FCC",
"versionEndIncluding": "1.3.0a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability"
},
{
"lang": "es",
"value": "** IMPUGNADO ** ProFTPD 1.3.0a y versiones anteriores no asigna apropiadamente el l\u00edmite del b\u00fafer cuando se especifica CommandBufferSize en el fichero de configuraci\u00f3n, lo que conduce a un desbordamiento inferior de b\u00fafer por superaci\u00f3n de l\u00edmite (off-by-twho).\r\nNOTA: En Noviembre de 2006, el rol de CommandBufferSize fue originalmente asociado con CVE-2006-5815, lo cual fue erroneo debido a un vago descubrimiento inicial.\r\nNOTA: Los desarrolladores de ProFTPD impugnaron esta vulnerabilidad, diciendo que la ubicaci\u00f3n de memoria es sobre-escrita por asignaci\u00f3n antes de ser usada con la funci\u00f3n afectada, as\u00ed que no es una vulnerabilidad."
}
],
"id": "CVE-2006-6171",
"lastModified": "2024-11-21T00:22:04.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-30T15:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292\u0026r2=1.293\u0026sortby=date"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23174"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23179"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23184"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23207"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23329"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1218"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://proftp.cvs.sourceforge.net/proftp/proftpd/src/main.c?r1=1.292\u0026r2=1.293\u0026sortby=date"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2006\u0026m=slackware-security.502491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200611-26.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:217-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.035.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-22 19:19
Modified
2024-11-21 00:30
Severity ?
Summary
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B84D8596-CC91-4BE7-932D-EF6BDFD47561",
"versionEndIncluding": "1.3.0_rc1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd."
},
{
"lang": "es",
"value": "El API en ProFTPD anterior 20070417, cuando \t\r\nse configuran m\u00faltiples m\u00f3dulos de validaci\u00f3n de forma simultanea, no requiere que el m\u00f3dulo que valida la autenticaci\u00f3n en el mismo m\u00f3dulo que recupera los datos de validaci\u00f3n, lo cual podr\u00eda permitir a atacantes remotos evitar la validaci\u00f3n, como se demostr\u00f3 con el uso SQLAuthTypes Plaintext en mod_sql, con datos recuperados de /etc/passwd."
}
],
"id": "CVE-2007-2165",
"lastModified": "2024-11-21T00:30:04.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-22T19:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2922"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34602"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24867"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25724"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27516"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1017931"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23546"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1444"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=419255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2922"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34602"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27516"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1017931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:130"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00065.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C1A60B-D79B-4EE3-9E48-83AF875AD062",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "980553F2-8662-47CF-95F0-645141746AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "40EBF1CD-B392-4262-8F06-2C784ADAF0F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "9C00F84A-FCD4-4935-B7DE-ECBA6AE9B074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "960DC6C2-B285-41D4-96F7-ED97F8BD5482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "65ED9D8C-604D-4B0B-A192-C0DA4D2E9AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D1FD0EB4-E744-4465-AFEE-A3C807C9C993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1D866A7D-F0B9-4EA3-93C6-1E7C2C2A861F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "57772E3B-893C-408A-AA3B-78C972ED4D5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions."
},
{
"lang": "es",
"value": "ProFTPD 1.2.9 trata las directivas Permitir y Denegar para ACLS basadas en CIDR como si fueran AllowAll (Permitir Todo), lo que podr\u00eda permitir a clientes FTP saltarse las restricciones de acceso pretendidas."
}
],
"id": "CVE-2004-0432",
"lastModified": "2024-11-20T23:48:35.217",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2267"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108335051011341\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11527"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:041"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10252"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108335030208523\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108335051011341\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16038"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:05
Severity ?
Summary
Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2243B4-8E0C-46BC-A003-EF52C30A030E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3704E3B8-C1CE-442F-B69D-0ED9EDAD5D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE12C338-EE8E-4E28-8E18-9C4FCC9D063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "33E7C8D7-5F57-4B49-B404-DB4DAE273926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BBF8B2-02E6-4A53-A5FC-DA8D39171753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9280692-0AB9-4C1F-804C-CB088E5E4483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "F108D73C-1107-41DE-9DDB-505ABAF6E34D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "34D3C65A-3EE0-4BF1-AB0E-E5D4B01DED2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8488C93D-2826-47BE-AE6D-A523199BA7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FD18DE8B-E0E2-43DA-A365-FCCAED59A623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3591365-5973-450F-A3F5-2EA0247A9571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "85FFCBDF-B1A2-4B93-A2ED-83EA4FE52E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48F8C767-468C-448B-8CA8-9DCD43A4BD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "31D12FAE-5839-4123-876E-0A32DA2B1A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8C629A-5D13-4DE2-A866-DC99C8D0A761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3A879A73-C624-4D47-A748-9EAC73EC8DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CC91C6-C680-469E-A103-691FAA1CF344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C11D565E-0A90-4093-AA87-34A6DAE68E88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B4A0D9-071F-4F0E-9826-054D5651773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "918684E1-D1B5-48C6-B413-2FE86379EFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C1A60B-D79B-4EE3-9E48-83AF875AD062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C5CBBA-43CE-4D77-9DA4-D4C4E010978B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "89CD92BA-407E-4089-A98F-6D1309D8C294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EA91F4-AC66-4A9E-B3B0-AB9B52257DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB59FBA-AD15-453A-A3CA-7673D005920C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE1015CB-9A33-48D5-861A-A1FC0D8D0FA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre2:*:*:*:*:*:*:*",
"matchCriteriaId": "66C825FE-91EC-43A2-9EEA-65A31DF46570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C563389-39DB-45BA-9C84-DD6837900440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre4:*:*:*:*:*:*:*",
"matchCriteriaId": "E2ABE74B-3D17-45D9-A87A-CE562DDB4454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre5:*:*:*:*:*:*:*",
"matchCriteriaId": "9166C42C-340D-4E7E-915C-BC2E4A373ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre6:*:*:*:*:*:*:*",
"matchCriteriaId": "25C586B4-670E-448B-8DFD-EE08F530BC3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AED91C-8428-40F0-9E47-FF3FE7CAB067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre8:*:*:*:*:*:*:*",
"matchCriteriaId": "114C3C5D-B227-4DE7-8485-1AE4B5E5E232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre9:*:*:*:*:*:*:*",
"matchCriteriaId": "0825C72A-DF19-44E4-9DCF-7F7047C1C582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre10:*:*:*:*:*:*:*",
"matchCriteriaId": "CB8D658A-726D-4CB2-A07B-287A8EB3CB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2_pre11:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ED09E8-2852-464B-9721-340F8F8C3B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAED483-3825-493E-978D-9047A1F7087B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password."
}
],
"id": "CVE-2005-4816",
"lastModified": "2024-11-21T00:05:15.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2658"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1245"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/23063"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/dailydave/2006-q1/0122.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=2658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1245"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/23063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16535"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-07 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2.9_rc1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C5CBBA-43CE-4D77-9DA4-D4C4E010978B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de SQL en el m\u00f3dulo de autenticaci\u00f3n de PostgreSQL (mod_sql_postgress) de ProFTPD anteriores a 1.2.9rc1 permite a atacantes remotos ejecutar SLQ arbitrario y ganar privilegios salt\u00e1ndose la autenticaci\u00f3n o robando contrase\u00f1as mediante nombre de usuario (comando USER)."
}
],
"id": "CVE-2003-0500",
"lastModified": "2024-11-20T23:44:52.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2003/dsa-338"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-27 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_pre9:*:*:*:*:*:*:*",
"matchCriteriaId": "27D0097C-ED4C-407B-B363-AFE6BE547199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_pre10:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA7079C-7203-4018-B39C-4BE7B13B5EBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3704E3B8-C1CE-442F-B69D-0ED9EDAD5D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE12C338-EE8E-4E28-8E18-9C4FCC9D063D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.0_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "33E7C8D7-5F57-4B49-B404-DB4DAE273926",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BBF8B2-02E6-4A53-A5FC-DA8D39171753",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.1_final:*:*:*:*:*:*:*",
"matchCriteriaId": "79330B03-B812-435F-A210-6844CC93C71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9280692-0AB9-4C1F-804C-CB088E5E4483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "F108D73C-1107-41DE-9DDB-505ABAF6E34D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7D3BDE-2200-4A5A-B149-DF4D52145A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.2_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "34D3C65A-3EE0-4BF1-AB0E-E5D4B01DED2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8488C93D-2826-47BE-AE6D-A523199BA7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FD18DE8B-E0E2-43DA-A365-FCCAED59A623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3591365-5973-450F-A3F5-2EA0247A9571",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.5_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "85FFCBDF-B1A2-4B93-A2ED-83EA4FE52E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.5_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15715C4-0E91-4D9C-96E0-4CB49150F0F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.5_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "25B126A9-3501-4FB2-8AE7-054A6061BE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48F8C767-468C-448B-8CA8-9DCD43A4BD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.6_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "58E52D66-5252-42D5-8226-E73523FD5DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.6_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "8C706764-D081-4CA1-BBD3-0BEFABAD6BC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.6_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1D7983-887E-48D7-B264-7EE349019C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "31D12FAE-5839-4123-876E-0A32DA2B1A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8C629A-5D13-4DE2-A866-DC99C8D0A761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3A879A73-C624-4D47-A748-9EAC73EC8DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CC91C6-C680-469E-A103-691FAA1CF344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C11D565E-0A90-4093-AA87-34A6DAE68E88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B4A0D9-071F-4F0E-9826-054D5651773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "918684E1-D1B5-48C6-B413-2FE86379EFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C1A60B-D79B-4EE3-9E48-83AF875AD062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C5CBBA-43CE-4D77-9DA4-D4C4E010978B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "89CD92BA-407E-4089-A98F-6D1309D8C294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EA91F4-AC66-4A9E-B3B0-AB9B52257DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB59FBA-AD15-453A-A3CA-7673D005920C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.10_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A35BC8A-C406-424A-B90B-2B7810380D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.10_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E9A40C-65E4-4AD8-9FDF-F91F06BF0FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.10_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "80FDA09D-2CD7-4E98-8BD0-39D3F015144C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.0_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DAED483-3825-493E-978D-9047A1F7087B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de formateo de cadenas en ProFTPD anterior a la 1..3.0rc2 permite que atacantes causen una denegaci\u00f3n de servicio u obtengan informaci\u00f3n confidencial mediante: 1) ciertos inputs al mensaje de apagado de ftpshut o 2) la directiva SQLShowInfo mod_sql"
}
],
"id": "CVE-2005-2390",
"lastModified": "2024-11-20T23:59:26.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112604373503912\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16181"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-795"
},
{
"source": "cve@mitre.org",
"url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14380"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112604373503912\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14381"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.2.7 | |
| proftpd_project | proftpd | 1.2.7_rc1 | |
| proftpd_project | proftpd | 1.2.7_rc2 | |
| proftpd_project | proftpd | 1.2.7_rc3 | |
| proftpd_project | proftpd | 1.2.8 | |
| proftpd_project | proftpd | 1.2.8_rc1 | |
| proftpd_project | proftpd | 1.2.8_rc2 | |
| proftpd_project | proftpd | 1.2.9_rc1 | |
| proftpd_project | proftpd | 1.2.9_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "31D12FAE-5839-4123-876E-0A32DA2B1A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D8C629A-5D13-4DE2-A866-DC99C8D0A761",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3A879A73-C624-4D47-A748-9EAC73EC8DBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CC91C6-C680-469E-A103-691FAA1CF344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C11D565E-0A90-4093-AA87-34A6DAE68E88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E8B4A0D9-071F-4F0E-9826-054D5651773C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "918684E1-D1B5-48C6-B413-2FE86379EFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C5CBBA-43CE-4D77-9DA4-D4C4E010978B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "89CD92BA-407E-4089-A98F-6D1309D8C294",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files."
},
{
"lang": "es",
"value": "ProFTPD 1.2.7 a 1.2.9rc2 no traduce adecuadamente los caract\u00e9res de nueva l\u00ednea cuando transfiere caract\u00e9res en modo ASCII, permite a atancantes remotos ejecutar c\u00f3digo arbitrario mediante un desbordamiento de b\u00fafer usando ciertos ficheros."
}
],
"id": "CVE-2003-0831",
"lastModified": "2024-11-20T23:45:37.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106441655617816\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106606885611269\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/9829"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/405348"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095"
},
{
"source": "cve@mitre.org",
"url": "http://xforce.iss.net/xforce/alerts/id/154"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/107/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106441655617816\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106606885611269\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/9829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/405348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://xforce.iss.net/xforce/alerts/id/154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/107/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-02-12 16:30
Modified
2024-11-21 01:00
Severity ?
Summary
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| proftpd_project | proftpd | 1.3.1 | |
| proftpd_project | proftpd | 1.3.2 | |
| proftpd_project | proftpd | 1.3.2_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71965620-399A-450C-95A5-5B327438768A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A80BB64-A714-40D6-80E1-D4AAC5498289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:proftpd_project:proftpd:1.3.2_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBCEA1CC-B662-4B36-8AC3-4C3A3CE3E54C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a \"%\" (percent) character in the username, which introduces a \"\u0027\" (single quote) character during variable substitution by mod_sql."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en el ProFTPD Server v1.3.1 hasta v1.3.2rc2, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de un car\u00e1cter \"%\" (porcentaje) en el nombre de usuario, esto introduce un car\u00e1cter \"\u0027\" (comilla simple) durante la sustituci\u00f3n de variable por mod_sql."
}
],
"id": "CVE-2009-0542",
"lastModified": "2024-11-21T01:00:16.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-02-12T16:30:00.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3180"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34268"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200903-27.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1730"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500823/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500833/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500851/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/500852/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/8037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200903-27.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1730"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500823/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500833/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500851/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/500852/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/8037"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}